&#1615;&#1611;SQL Query Problem

ًُSQL Query Problem

danrah

Why doesn't this work? Please?

              $serializeditems=addslashes($_SESSION['items']); //this field is serialized
		$buyername=addslashes($_POST['name']);
		$telephone=addslashes($_POST['telephone']);
		$paymentmethod=addslashes($_POST['paymentmethod']);
		$address=addslashes($_POST['address']);
		$deliverytime=addslashes($_POST['deliverytime']);
		$email=addslashes($_POST['email']);
                $extrainfo=addslashes($_POST['extrainfo']);

$query="INSERT INTO buyer_details". "(order,buyer_name,buyer_phone,payment_method,address,delivery_time,email,comments) VALUES" . "('$serializeditems','$buyername','$telephone','$paymentmethod','$address','$deliverytime','$email','$extrainfo')";

an SQL syntax error is produced:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'order,buyer_name,buyer_phone,payment_method,address,delivery_time,email,comments'

Piranha

Why do you have 3 different strings that are merged together to one string? I would do it this way:

$query="INSERT INTO buyer_details (order,buyer_name,buyer_phone,payment_method,address,delivery_time,email,comments) VALUES ('$serializeditems','$buyername','$telephone','$paymentmethod','$address','$deliverytime','$email','$extrainfo')";

.

Anyway, I think the problem is that you didn't have a space between "buyer_details" and "(order", but I'm not sure that it is the problem.

danrah

I changed the code as u said. but it didn't work and the same error still persists.

danrah

yeah!!! I found...
changing order to order_items , solved the problem. I think order is a reserved word. isn't it?

Piranha

Yep it is. I don't know why I didn't think of that...